Education Series: Blockchain Requires Tradeoffs

Everyone seems to have an opinion which is their favorite blockchain project. On the Telegram channels I admin for I will hear statements such as:

“Ethereum is the best because the highest number of dapp projects launching ICOs”

“Neo is the best because it allows programmers to use their existing knowledge of programming language”

“Bitcoin is the best because it is the most secure”

Whichever way you lean, I think it’s critical you understand the tradeoffs each of these projects have had to make and why each protocol may have a place in the new world. To understand what each blockchain is trying to do, let’s first provide a definition for a blockchain.

A blockchain is an incorruptible distributed ledger of transactions.

Blockchain attempts to create a system of trustlessness. In a true trustless system, we would not need a third party to identify whether a transaction is valid or not. Today’s financial, legal, and judicial institutions are third parties that are meant to provide trust. Without these institutions, we would transact with others under heavy levels of suspicion. The most common example is of a third party payment processor between a retailer and purchaser. The third party then verifies with your banking institution you have the funds to purchase an item. Several parties were involved: you, your bank, the retailer, and the payment processor. In a trustless system, the retailer would simply wait for purchase verification on the network and the buyer could walk out the door with their purchase. No third party needed, just you and the retailer.

While this trustless nirvana sounds great on paper, we must be prepared that it may never fully happen. Cryptography is modern computing’s greatest asset to date in approaching true trustlessness. But even here, modern cryptographic techniques do not fully guarantee security. The best they can do is afford insanely high probabilities of protection against malicious actors. Case in point, numerous high profile attacks successfully penetrated security systems against well funded companies such as Target, Sony, and EquiFax. We need to develop stronger cryptography or other solution approaches such as blockchain.

Trust comes at a cost

In high functioning societies we rely on third party institutions to carry out the rule of law, legislate new policies to adapt to the times, and to participate in a market economy. The level of resources needed to create and maintain these institutions is enormous. Judges, policemen, politicians, businesses, and many other professions represent the human capital and financial resources to maximize trust in these systems. In a digitized world, a blockchain could potentially lower many of these costs. I’m not proposing something as silly as judges or policemen would be replaced by software programs such as blockchain. But certainly there are institutions ripe for disruption.

“It is a profoundly erroneous truism, repeated by all copy-books and by eminent people when they are making speeches, that we should cultivate the habit of thinking what we are doing. The precise opposite is the case. Civilization advances by extending the number of important operations which we can perform without thinking about them.” ~Alfred North Whitehead, philosopher and mathematician

Bitcoin enters the stage

In 2009, an individual under the pseudonym Satoshi Nakomoto published a paper called Bitcoin: a peer-to-peer electronic cash system. Several ideas had been formulated for peer-to-peer cash systems, but Bitcoin was unique in that it turned traditional payment systems on its head. Rather than emulate payment processors such as Visa or Mastercard with high transaction throughput, Bitcoin was intentionally designed to be a much slower, inefficient system. That sounds crazy. But it works. In this post I will look into why it did so. First, let’s introduce the DCS framework for examining tradeoffs.

1/ Blockchain is the slow-ass database you use when you don’t trust anyone

The DCS Triangle

Back in 2016 Trent McConaghy, CEO of Ocean Protocol, published The DCS Triangle. He laid out in clear terms the tradeoffs each blockchain protocol makes when developing their projects. Blockchains by nature tend to capture two of the corners but no project in production today has successfully optimized for all three. From Trent’s original article, the definitions of Decentralized-Consistent-Scale are:

Decentralized, where no single entity controls the network.Big “D” means server-free (fully) decentralized; anyone can join the network as a validating node. Little “d” means server-based decentralized. If not D or d, the system is centralized.

Consistent, where the network aims to keep data in sync. Big “C” means all nodes see the same data at the same time. Being big-C consistent is a prerequisite to preventing double-spends, and therefore storing tokens of value. There are many models of consistency; we mean “consistent” in the same way that the CAP theorem does, except a little bit more loosely (for pragmatism). Little “c” means strong eventual consistency, such that when data gets merged there are no conflicts, but not consistent enough to prevent double spends. If not C or c, the system is not consistent.

Scale. Big “S” is planetary scale. This means means sufficient performance characteristics to serve planet-scale or enterprise-scale needs, as typically seen in “big data” distributed databases. This includes throughput of 100,000 tx/s, 1M tx/s or more; capacity in the hundreds of TB, or PB, or more; and latency of <1 s (takes into account speed of light delays in a WAN setting). For reference, typical stock exchanges and ad networks run 100,000–500,000 tx/s. If not S, the system is not planetary scale.

Kyle Samani of Multicoin Capital uses the word “safety” in place of “consistent”. Additionally, he mentions TTF, time-to-finality, as a fourth dimension to consider in his post Models Scaling Trustless Computation.

In this post I’ll examine the Proof-of-Work consensus algorithm in the context of these three dimensions. In other posts I’ll examine other consensus algorithms such as Proof-of-Stake (PoS), Byzantine Fault Tolerance (BFT), and delegated Proof-of-Stake (dPoS).

A brief look at finality – the 4th dimension

One of the hallmark features of a blockchain is that the ledger can never be changed. It is immutable. In addition to providing data integrity, finality also directly impacts network latency. Different blockchains take different approaches to finality. For example, in a PoW schema, the main chain naturally forks as miners attempt to validate blocks and add them to the chain. It is possible the nodes on the network have a different copy of the ledger. Therefore we require a way to select which copy is the true blockchain. PoW systems use the longest chain as the valid copy and reject all other, shorter chains (see this article for more details). On the other end of the spectrum, the Neo blockchain uses their dBFT (Default Byzantine Fault Tolerance) consensus algorithm where only one chain can exist and all transactions on the network are considered final.

Proof-of-Work in Bitcoin

Bitcoin’s brilliance lies in its simplicity. Essentially, it’s a decentralized ledger of transactions sent to every computer on the network. When transactions are generated they are broadcast to all nodes on the network and batched together in what is called a block. The computers, or nodes, on the network then start working to solve a very computationally expensive puzzle. Through trial and error, each node submits an answer, or more commonly referred to as a nonce, over and over until the puzzle is solved. The first node to solve the puzzle then broadcasts (hilariously called a gossip protocol) that solution to the rest of the network. As other nodes validate it is correct, they continue working on validating other blocks to add to the chain. For quick reference, a block is not considered “final” until 6 blocks have been validated. This is how a Proof-of-Work consensus algorithm works in principle.

Bitcoin opts for low throughput, high latency

(aka LOW VOLUME and SLOW!)

Bitcoin produces blocks every ten minutes. To ensure that every node on the network has the latest copy of the ledger (gossip protocol), or the longest chain, Bitcoin nodes consider blocks final after six blocks have been validated. Therefore transactions are not considered “final” until, at least, 60 minutes have passed. That’s not very practical to purchase every day goods but Bitcoin can be applied in use cases where high latency is acceptable: think digital gold or a store of value.

Ethereum, another blockchain project, also features a PoW consensus algorithm but it is much faster than Bitcoin. To achieve this speed, Ethereum enabled its GHOST protocol where block times were reduced (less than Bitcoin’s 10 minutes) and uses a weighted chain (instead of longest chain) approach. I can detail this another time for everyone.

Based on the triangle above you can see that each of the nodes on Bitcoin and Ethereum practically see the same copy of the ledger at all times. Therefore Bitcoin and Ethereum lean heavily on the Consistency corner of the framework.

PoW systems tend to become centralized

No third party is needed in Bitcoin. A company or government would not be able to rewrite the history of transactions. Therefore Bitcoin can be called censorship resistant. It is also a permissionless system. You do not need to sign up with a bank or a company to participate in the Bitcoin network. It’s permissionless. I do not need to show my ID to a bank and I feel secure no bank is going to come back to me and say my balance is zero. I feel safe and free. So this all sounds great. Where’s the catch?

Solving the Proof-of-Work puzzle becomes increasingly and exponentially difficult. Over time, solving the puzzle to create new blocks requires an increasing level of computational resources. Every day computers just won’t cut it. This arms race for sophisticated hardware leads to centralized groups pooling their computing, or hashpower, together to continue validating blocks and securing the network. See the problem here? PoW schemes such as Bitcoin and Monero pursue maximum censorship resistance but at the risk of centralization.

Prior to pooling, the Bitcoin and Monero networks were highly decentralized. Therefore let’s say that Bitcoin, Ethereum and Monero lean into the Decentralized corner of the triangle. If you want to be nit picky about it you can use a lower cased “d” since it is decentralized but only to those who run a pool or a data center.

Update (4/10/2018): See this excellent article Jimmy Song wrote on why pooling centralization is not as much a threat as one may think to the Bitcoin network.

Finality in PoW

Bitcoin does not consider a transaction final (or more often referred to as finality) right away, or ever in fact. PoW based systems are designed so that transactions are not considered final but rather probabilistically final. What does that mean exactly? As other blocks are validated after a block with my transaction in it, the probability of it being valid doesn’t increase linearly. Instead it increases exponentially. The likelihood of my transaction being false is laughably improbable.

In order to create fraudulent transactions (forgery, counterfeiting, double spending – whatever you want to call it), a malicious actor would have to rewrite the history of not just one block but many other blocks. As mentioned above, the probability of this happening with modern hardware and computing is infinitesimal. Bitcoin is easily the most secure blockchain project to date.

Bitcoin is the most secure financial network on the planet. But its centralized peripheral companies are among the most insecure. pic.twitter.com/0rxLtXscNJ

PoW Schemes are DC, not DCS

Bitcoin runs greatest along the decentralized and consistency vectors. In fact, all proof-of-work schemes do so. With that tradeoff, Bitcoin and Ethereum are both slow (the Scalability corner of the triangle). There are plenty of projects trying to introduce Scalability for each project such as Rootstock (RSK) for Bitcoin and Casper’s sharding design for Ethereum. Both RSK and Casper are still in development. They are not yet in production. It is yet to be seen whether PoW schemes can maximize all three corners of the DCS framework.

Over the next few weeks I will start tackling popular, mainstream blockchains using this framework. Hope you enjoyed the read and continue learning about this space with me.